On 9/25/11 12:58 AM, Fernando Gont wrote:
> Hi, Tomas,
>> On 09/22/2011 05:44 AM, Tomas Podermanski wrote:
>> Hi all,
>> I see that slides turned on quite interesting discussion. I can also
>> contribute with two more presentation on that topic available at:
>>>> 05/2011 IPv6 – Security Issues - IPSec does "solve" everything
>>http://europen.cz/Proceedings/38/2011-ipv6-sec-europen.ppt> Thanks for sharing the slides.
>> I went through this set (the one above), and must say I don't agree with
> it. The reasons are those described in the slide set that I shared in
> the first e-mail of this thread.
You probably got me wrong. The first slide only demonstrates the very
common opinion about IPv6 and IPSec. I completely agree with you that
IPSec is NOT the solution for security problems and IPv6 have got a lot
of other and bigger troubles. In reality that means IPv6 is NOT ready
for using in production environment and can not provide even similar
security level as IPv4 does.
>> In short: There is not going to be any additional use of IPsec as a
> result of IPv6 deployment. And not, there is not going to be increased
> security with IPv6. Actually, at least in the short and near term, it is
> going to be the other way around.
>> Rather than making claims about "improved security", we should raise
> awareness about IPv6 security challenges, such that they are mitigated,
> and the security level of the involved networks does not *decrease*.
>>
Sure. I try to convince people in every my presentation that IPv6
doesn't bring any security benefits (instead of sites like ipv6.com).
The problem is that IPv6 protagonist do not want to hear such arguments
and always claims that is not too bad etc. As the result of that we can
see common IT staff very frustrated with IPv6 (Of course, I mean the
people who have started doing with IPv6). The sad reality that is just
impossible to properly secure a IPv6 network today. Even mitigation of
security problems with IPv6 will cost you fortune and still you will not
have an equivalent security level as in IPv4 - specially in first hop
security.
I am always very happy to see anybody who tries to expose the naked
truth of IPv6 reality because it is exactly what we need to.
Thanks.
Best regards,
Tomas